Privacy Policy

1. Introduction

This Privacy Policy describes how the Strategic Sales Intelligence platform ("Service") collects, uses, and protects your information. We are committed to protecting your privacy and handling your data responsibly. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you authenticate via OAuth, we receive and store your user ID, display name, and email address as provided by the authentication provider. We do not collect passwords.

2.2 Publicly Available Research Data

The Service processes publicly available information including company websites, press releases, marketing materials, SEC filings, and other publicly accessible business data. This data is sourced from the public internet and is not considered personal data. The Service is designed to work exclusively with publicly available information — you should not input confidential, proprietary, or sensitive data into the platform.

2.3 Waitlist Information

If you join our waitlist, we collect your email address and optionally your name. This information is used solely to notify you when access becomes available and to manage the onboarding process. Waitlist data is retained for up to 12 months and can be deleted upon request.

2.4 Payment Information

Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription ID for reference purposes. We never store, process, or have access to your full credit card number, CVV, or other sensitive payment details. All payment data is governed by Stripe's Privacy Policy.

2.5 API Keys (BYOK)

If you provide an OpenAI API key (BYOK), it is encrypted using AES-256-GCM before storage. Only the first 8 characters are stored in plaintext as a key prefix for identification. Your full API key is never logged, displayed, or transmitted in plaintext.

2.6 Usage Data

We collect first-party usage metrics including page views, feature usage, and error logs. This data is used for service improvement and is not shared with third-party advertising networks. We do not use third-party tracking cookies.

2.7 Conversation History

Messages exchanged with the AI report assistant are stored to provide conversation continuity. This includes your questions, AI responses, edit commands, and associated metadata.

3. How We Use Your Information

We use collected information to:

• Provide and improve the Service
• Generate AI-powered research reports and analysis from publicly available data
• Maintain conversation history for assistant continuity
• Process payments and manage subscriptions via Stripe
• Enforce usage limits and prevent abuse
• Monitor service health and diagnose technical issues
• Communicate important updates about the Service

4. Third-Party Services

The Service integrates with the following third-party services:

4.1 OpenAI

Research queries and prompts are sent to OpenAI's API for AI processing. When using BYOK, your API key is used directly. OpenAI's data handling is governed by their Privacy Policy. API data is not used for model training when using the API.

4.2 Stripe

Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Your payment information is transmitted directly to Stripe and never passes through our servers. See Stripe's Privacy Policy for details on how they handle your data.

4.3 Authentication Provider

We use OAuth for authentication. Only necessary profile information (user ID, name, email) is transmitted during the authentication flow.

5. Data Security

We implement the following security measures:

• All data transmitted over HTTPS/TLS encryption
• API keys encrypted at rest with AES-256-GCM
• Session cookies with HttpOnly, Secure, and SameSite attributes
• Per-user data isolation — users can only access their own research data
• Role-based access control for administrative functions
• Rate limiting to prevent abuse
• Server-side input validation on all endpoints

6. Data Retention

Research reports, conversation history, and usage logs are retained for the duration of your account. Waitlist data is retained for up to 12 months. You may delete individual research reports and clear conversation history at any time. API keys can be deleted immediately through the Settings page.

Upon account deletion, all associated data — including research reports, watchlists, deal preps, prompt lab entries, conversation history, API keys, and usage logs — is permanently deleted within 24 hours. This action is irreversible.

7. Your Rights

You have the right to:

• Access your stored data through the Service interface
• Delete your research reports and conversation history
• Remove your API keys at any time
• Request a complete export of your data
• Delete your account and all associated data — available in Settings under the "Account" section. Account deletion is immediate and permanent.
• Request removal of your waitlist entry at any time

If you are located in the European Economic Area (EEA), you may also have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Data is only shared with third-party services as described in Section 4, and only to the extent necessary to provide the Service.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service. Your continued use after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your data rights, please contact the platform administrator or use the Contact page.